Friday 1 July 2011

Network Security Requirements and Attacks

Kamal K. Pandey
Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become “wired”, an increasing number of people need to understand the basics of security in a networked world. With the introduction of the computer, the need for automated tools for protecting files and other information stored on the computer became evident; this is especially the case for a shared system, such as a time-sharing system, and the need is even more acute for systems that can be accessed over a public telephone or data network. The generic name for the collection of tools designed to protect data and to thwart hackers is computer security. Although this is an important topic, it is beyond the scope of this article and will be dealt with only briefly.

Network security is becoming more and more important as people spend more and more time connected. Compromising network security is often much easier than compromising physical or local security, and is much more common. Computer networks and other data systems are built from several different components, each of which has its own security characteristics. Securing a computer network is therefore a problem that must be considered in every part of the system, because the security chain as a whole is only as strong as its weakest point.
Security Requirements
Because so many threats to network security exist, we need a definition of security requirements. Computer and network security address three requirements:
  1. Secrecy. Requires that the information in a computer system only be accessible for reading by authorized parties. This type of access includes printing, displaying, and other forms of disclosure, including simply revealing the existence of an object.
  2. Integrity. Requires that computer system assets can be modified only by authorized parties. Modification includes writing, changing, changing status, deleting, and creating.
  3. Availability. Requires that computer system assets are available to authorized parties.
The types of attacks on the security of a computer system or network are best characterized by viewing the function of the computer system as providing information. In general, there is a flow of information from a source, such as a file or a region of main memory, to a destination, such as another file or a user. The remaining parts of the figure show the following four general categories of attack:
  1. Interruption. An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability. Examples include destruction of a piece of hardware, such as a hard disk, the cutting of a communication line, or the disabling of the file management system.
  2. Interception. An unauthorized party gains access to an asset. This is an attack on confidentiality. The unauthorized party could be a person, a program, or a computer. Examples include wiretapping to capture data in a network, and the illicit copying of files or programs.
  3. Modification. An unauthorized party not only gains access to but tampers with an asset. This is an attack on integrity. Examples include changing values in a data file, altering a program so that it performs differently, and modifying the content of messages being transmitted in a network.
  4. Fabrication. An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity. Examples include the insertion of spurious messages in a network or the addition of records to a file.
In practice, real network attacks can be grouped under these general categories, and several well-known attacks are described below:
LAND Attacks
A LAND attack is an attack against a server or computer connected to a network that aims to stop the services provided by the server, so that the service or the computer network is disrupted. This kind of attack is called a denial-of-service (DoS) attack. A LAND attack is categorized as a SYN attack because it uses the SYN (synchronization) packet of the 3-way handshake that establishes a TCP/IP connection. In the 3-way handshake that establishes a TCP/IP connection between a client and a server, the following occurs:
  • First, the client sends a SYN packet to the server/host to begin a TCP/IP connection between client and host.
  • Second, the host replies by sending a SYN/ACK (Synchronization/Acknowledgement) back to the client.
  • Finally, the client replies by sending an ACK (Acknowledgement) packet back to the host. The TCP/IP connection between the client and the host is now established and data transfer can begin.
In a LAND attack, the attacking computer, acting as the client, sends an engineered (spoofed) SYN packet to the server it intends to attack. The spoofed SYN packet carries a source address and source port number that are exactly the same as its destination address and destination port number. Thus, when the host sends the SYN/ACK back to the "client", an infinite loop results, because the host is actually sending the SYN/ACK to itself. An unprotected host or server will usually crash or hang under a LAND attack. Today, however, LAND attacks are no longer effective, because almost all systems are protected against this type of attack by packet filtering or a firewall.
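The packet-filtering protection mentioned above, as an added illustration (this is example code written for this article, not code from any firewall product): a minimal ingress filter that flags the LAND signature, and also the more general case of an outside packet that claims one of the host's own addresses as its source. The addresses, ports and the `TcpPacket` record are constructed for the example.

```python
from dataclasses import dataclass

SYN = 0x02  # TCP flag bits
ACK = 0x10

@dataclass(frozen=True)
class TcpPacket:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: int

def is_land_packet(pkt):
    """The LAND signature: a SYN whose spoofed source address and port equal
    its destination address and port, so the SYN/ACK would go to the host itself."""
    return bool(pkt.flags & SYN) and pkt.src_ip == pkt.dst_ip and pkt.src_port == pkt.dst_port

def ingress_filter(packets, local_addrs):
    """Return one verdict per packet arriving on the external interface:
    'land' for the exact LAND signature, 'spoofed' for any other packet
    whose source claims to be one of our own addresses (an anti-spoofing
    rule that also stops LAND), and 'pass' otherwise."""
    verdicts = []
    for p in packets:
        if is_land_packet(p):
            verdicts.append("land")
        elif p.src_ip in local_addrs:
            verdicts.append("spoofed")
        else:
            verdicts.append("pass")
    return verdicts

# Constructed sample traffic (not a real capture) arriving from outside at a
# host whose own address is 192.0.2.80.
LOCAL = {"192.0.2.80"}
SAMPLE = [
    TcpPacket("198.51.100.7", 40000, "192.0.2.80", 80, SYN),  # normal handshake start
    TcpPacket("192.0.2.80", 80, "192.0.2.80", 80, SYN),       # LAND: source == destination
    TcpPacket("192.0.2.80", 5555, "192.0.2.80", 80, SYN),     # spoofed local source, ports differ
    TcpPacket("198.51.100.7", 40000, "192.0.2.80", 80, ACK),  # handshake completion
]
```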
Ping of Death
Ping of Death is a Denial of Service attack against a server or computer connected to a network. The attack takes advantage of the packet fragmentation feature of TCP/IP, and of the fact that the size limit for an IP packet is 65,536 bytes, or 64 kilobytes. An attacker can send a series of fragmented ICMP packets (the packets used by ping) such that, when the fragments are put back together, the total packet size exceeds the 65,536-byte limit. A simple example is as follows: `C:\windows> ping -l 65540`
This MS-DOS command sends a ping (ICMP) packet of 65,540 bytes to a host/server. When an unprotected server receives a packet that exceeds the size limit specified by the IP protocol, it usually crashes, hangs, or reboots, so that its services are disrupted (Denial of Service). In addition, Ping of Death packets can easily be spoofed or engineered so that their real origin cannot be determined, and the attacker only needs to know the IP address of the computer to be attacked. Today, however, Ping of Death attacks are no longer effective, because all operating systems have been upgraded and protected against this type of attack. In addition, a firewall can block all ICMP packets from the outside so that the attack cannot be carried out at all.
Teardrop
A Teardrop attack is a Denial of Service (DoS) attack against a server or computer connected to a network. The Teardrop attack takes advantage of the packet fragmentation feature of TCP/IP, and of a weakness in TCP/IP at the moment the fragmented packets are put back together. In a data transmission from one computer to another over a TCP/IP network, the data is broken into several smaller packets on the originating computer; the packets are sent and then put back together on the destination computer. For example, suppose 4000 bytes of data are to be sent from computer A to computer B. The data is broken into 3 packets in this way.
On computer B, the three packets are sorted and combined according to the OFFSET in the TCP header of each packet. It can be seen above that all three packets can be sorted and put back together into the 4000 bytes of data without problems.
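The reassembly step described here, as an added example (written for this article, not code from any operating system): a receiver that sorts fragments by offset and rebuilds the 4000-byte transfer, while refusing the two malformed cases the article discusses, a datagram whose reassembled size exceeds the IP limit (Ping of Death) and fragments whose offsets overlap (the Teardrop case, stated here as a generalization beyond the excerpt above). Byte offsets, the fragment sizes and all sample data are constructed for the example.

```python
MAX_DATAGRAM = 65535  # ceiling of the 16-bit IP total-length field (the article rounds it to 64 KB)

class FragmentError(ValueError):
    """Raised when a fragment set must not be reassembled; `kind` names the reason."""
    def __init__(self, kind, msg):
        super().__init__(msg)
        self.kind = kind

def reassemble(fragments):
    """Reassemble (offset_in_bytes, payload) pairs delivered in any order, sorting
    them by OFFSET as the receiver in the article does. Returns the datagram, or
    None while a fragment is still missing. Raises FragmentError for an oversize
    datagram (Ping of Death) and for overlapping fragments (Teardrop-style).
    Note: a real IP header stores the offset in 8-byte units; byte offsets are
    used here for readability."""
    buf = bytearray()
    expected = 0  # byte offset at which the next fragment must start
    for offset, payload in sorted(fragments, key=lambda f: f[0]):
        if offset < expected:
            raise FragmentError("overlap", f"fragment at {offset} overlaps data already placed")
        if offset > expected:
            return None  # gap: keep waiting for the missing fragment
        if offset + len(payload) > MAX_DATAGRAM:
            raise FragmentError("oversize", "reassembled datagram would exceed 65,535 bytes")
        buf += payload
        expected += len(payload)
    return bytes(buf)

def classify(fragments):
    """Verdict a reassembly-aware filter would log for a fragment set."""
    try:
        return "incomplete" if reassemble(fragments) is None else "ok"
    except FragmentError as err:
        return err.kind

# Constructed samples, not real captures. First, the article's 4000-byte
# transfer split into three fragments and delivered out of order:
DATA = bytes(range(256)) * 15 + bytes(160)  # exactly 4000 bytes
GOOD = [(2960, DATA[2960:]), (0, DATA[:1480]), (1480, DATA[1480:2960])]
# "ping -l 65540" style: the last fragment pushes the total past 65,535 bytes
OVERSIZE = [(0, bytes(65520)), (65520, bytes(20))]
# Teardrop-style: the second fragment's offset falls inside the first one
OVERLAP = [(0, b"A" * 1480), (1000, b"B" * 1480)]
# Benign but incomplete: the middle fragment has not arrived yet
MISSING = [(0, DATA[:1480]), (2960, DATA[2960:])]
```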